Google to stop patching Chrome for 60M Android users this May
Google is deprecating Android 4.0 (Ice Cream Sandwich) support for Chrome with the final update expected to arrive in April and no more security patches from mid-May.
Security Awareness — News
Without a word, Google shelves default encryption on new Lollipop devices
Google has quietly stopped requiring that Android OEMs enable full-disk encryption by default in new Android 5.0 Lollipop devices, backtracking on its widely publicised plan to make life harder for snoops and police.
2014's vulnerability surge left Mac OS, iOS more exposed than Windows
The rate of new software vulnerabilities jumped dramatically between 2014 and 2013, with 19 new vulnerabilities disclosed every day last year and an upwards trend suggesting things could only get worse this year.
David Braue | 27 Feb | Read more
Is fragmentation killing Android in the enterprise?
Android may rule consumer smartphone shipments, but it’s getting trounced in the enterprise. So is Google’s new enterprise mobile security plan up to the task of raising Android's measly share of the enterprise? The answer may lie in the diversity of "the enterprise".
Shadow IT threat lingers as ANZ businesses drag feet on cloud moves
Less than 1 in 4 Australian and New Zealand businesses is in the advanced stages of planning their cloud rollout – yet with nearly half of CEOs and board members supporting the paradigm and 60 percent of respondents reporting security issues, the other organisation are not free from problems related to the cloud, a Red Hat customer survey has found.
David Braue | 26 Feb | Read more
Google launches Android for Work, its secure play for BYOD
Google has taken the wraps off Android for Work, the BYOD enterprise program it’s been brewing with mobile device management (MDM) partners for months and borrows from Samsung’s container technology KNOX.
Australians lead world in avoiding mobile malware but ransomware surge could bite: McAfee
Australia has the lowest rate of mobile malware infection in the world but 5 percent of Australian mobiles are still falling prey to mobile nasties, a McAfee Labs analysis has revealed.
David Braue | 26 Feb | Read more
The Case Against Metadata Retention : Part 2
The government's plan to force telecommunications providers to retain a set of metadata for every person has privacy advocates up in arms and police and security agencies telling us that this legislation is essential for fight crime in the 21st century.
Anthony Caruana | 25 Feb | Read more
Visa confirms April launch for tokens in EU, and 2015 for Australia
Credit card providers Visa and MasterCard have confirmed they will roll out their tokenisation technology in Australia at some point in 2015 while Visa said the service will launch in Europe by mid-April.
The Case for Metadata Retention
The government's plan to force telecommunications providers to retain a set of metadata for every person has privacy advocates up in arms and police and security agencies telling us that this legislation is essential for fight crime in the 21st century.
Anthony Caruana | 24 Feb | Read more
PM spruiks data retention as report blames Snowden for poor data sharing
“Strained” relationships between intelligence and business had impeded information sharing and compromised national security as a result, a report into Australia's counter terrorism capabilities has warned as Australian prime minister Tony Abbott stepped up his rhetoric about the need for data-retention legislation in a speech on national security this week.
David Braue | 24 Feb | Read more
The week in security: Data retention looms, Superfish gutted
Are your staff suitably trained to detect and ignore phishing spam? If not, you may want to revisit your policies: in the latest security embarrassment, banks in 30 countries have been systematically deprived of more than $US1 billion by cybercriminals due to what many are attributing to poor staff training around the handling of malware threats. Indeed, despite billions spent on security tools one study found that researchers were able to garner sensitive information in 88 percent of attempts just by using their eyes.
David Braue | 24 Feb | Read more
Gemalto says SIM cards secure after NSA, GCHQ hack report
Dutch SIM card maker Gemalto says its SIM cards are “secure” despite a report that US and UK spies hacked the company and stole encryption keys that would allow them to intercept mobile communications.
Centrify expands identity management to protect big-data honeypots
Identity-management provider Centrify has extended its capabilities to the emerging Hadoop big-data analysis platform, offering a suite of management tools that allow control over Hadoop systems using existing Microsoft Active Directory (AD) infrastructure.
David Braue | 20 Feb | Read more
Billion-dollar Carbanak heist blamed on poor staff cybersecurity training
Post-mortem analysis of the high-profileCarbanak banking heist continues to suggest that the $1 billion-plus series of attacks not only represent a high-water mark in the panoply of major crimes, but has been executed by cybercriminals exploiting the same sort of human weaknesses that security experts have been warning about for decades.
David Braue | 20 Feb | Read more
Google's virtual Chrome army attacks web applications to find bugs
Google has launched a vulnerability scanner that only targets two web application flaws by hammering them in a multi-stage attack. While it misses many bugs, the result for developers may be cheaper manual security reviews.
Security tools taking too long to detect new malware, analysis warns
It can be weeks or months before conventional antivirus solutions can properly detect new malware signatures, security firm Damballa has warned after an analysis showed that 28 percent of malware took more than a week to be addressed through a signature update.
David Braue | 19 Feb | Read more
Patch now: Cisco warns its firewall appliance is under attack
Cisco has warned customers that hackers are attacking un-patched versions of software that run its Adaptive Security Appliance (ASA) firewall.
The week in security: Moving on Internet of Things security, lagging elsewhere
Malware authors are proving increasingly successful at seeding fake Google Chrome extensions on Facebook. Appropriate, then, that Facebook launched a platform called ThreatExchange in which users can share information about security threats with their friends.
David Braue | 18 Feb | Read more
Naked Chef serves up pot roast with a side of exploits
Foodies looking for inspiration for that pork belly might want to avoid the recipe from the Naked Chef’s website, jamieoliver[dot]com. That is, until the website stops serving up an exploit for Flash Player